Become a fan of Slashdot on Facebook


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment It really is very insecure (Score 1) 147

Currently I work for startup and my job is to secure our web based protect, which includes enforcing login authentication, encryption standards, database usage and more.

The method we use to employ was a tri-factor authentication system, password, TOTP and SMS / Email based tokenization, but we've officially taken the SMS authenticator away because just as this post points out, you have to guarantee who has the phone and somehow confirm the phone which received the SMS is the phone which was meant to.

Think of this concept as having an IP Address, you can send a message to IP and you have to assume that where it ends up is the right destination, because you have to assume the person saying they're is who was assigned that IP Address and not someone who basically stole it and is using it in an unauthorized fashion.

The better way to handle this kind of access security is to use AES_CCM based tokens that have TOTP built into them and force a login through use of a mutli-hop path that gets created and is active only for X Minutes after the user tries to login with their password. How this is works is that after you get the password, you generate a path descriptor which can talk with your Secure DNS. You encrypt this information with some form of AES (or any other standard). You put this information into a secured database system such as MongoDB with the FIPS compliance module active, and then send an email to person X with a link that activates the SDNS module, to read the string from the database, unencrypt it, develop a dynamic path to the end point and request the users TOTP from something they have. Once the user is logged in, you scramble all this information, then securely wipe it from both the program, memory and database and start all over.

Comment Education? (Score 1) 510

If creationism wants equal footing in schools it should be held to a few standards:

1). Needs to have testable, provable and repeatable experiments.
2) It needs to be defended from multiple sources, as in you can't use the bible to defend it.
3) It needs to be taught with no religious overtone.

Creationism is a view held by the uneducated and the demented, when your entire theory is: "God did it", you've failed at all costs to provide anyone with a theory or even rational thought, and this is why it doesn't belong in schools.

Comment QC? (Score 3, Insightful) 211

It's almost as if you can hire people to test your software to make sure MAJOR problems like this don't sneak through. This is not an obscure memory leak, which lead to a date error causing a segfault, this is a MAJOR requirement being mis-implemented, which I'm sure is just as much on the requirements level as it is on the coding level.

Comment I wrote one (Score 1) 227

In college I found i was unable to keep a standard notebook because I never found myself opening it to actually write anything. I looked online for a solution but there was nothing that really fulfilled the logging need. I ended up writing one that was a multiple platform system, which every X amount time, configurable in a web interface, a windows written in C with GTK would open on the desktop or phone, requiring you to enter a message so it could log it back to the server. the system used multi stage encryption and had a web portal where you could view, but not edit, all the messages. It had user accounts and pretty much everything you'd need to keep a rocking lab book.

Comment Canada has the same issue (Score 1) 278

Standardized tests would work if anyone could standardize to a curriculum or qualification for a teacher. the problem is that you have teacher X with skills Y and teaching ability Z, going up against a teacher T with skills Y and teaching ability U. When the standardized test comes, it's really up to the student to see how well they've managed to absorb the information from the teacher and convert it to a style that will work for the test. The entire system is designed to fail and no one seems to care.

To make this work you'd have to hard line that a teacher must teach to a standard A, they must know material to a standard B and they much have skills C, D and E. Then you'd have to release a curriculum that was designed to hand hold the teacher to teach it as F and allow the students to absorb the information in form G. It will never work and the no one can seem to understand this. It will never work as long as you can't enforce an absolute standard.

Comment No religious protection (Score 0, Troll) 253

It's time to grow up as a collective society. Anyone still immature, irrational, childish, illogical and just down right moronic enough to believe that a God created everything and everyone and then told about it in poorly written, massively contradictory books, deserves to be mocked, and followed.

Islam is the story of God as told by an epileptic, illiterate, schizophrenic, paranoid, delusional, diapered, cave man. Who married a child, raped that child, wanted humanity to enslave women, kill people who didn't believe his bat shit crazy view and then (according to Islam), flew to heaven on a magical horse. Now when that your belief system, how much respect do you really want?

Islam is matched with Christianity and Jewish for all the time dumbest, most insane concepts on earth.

Religion is studied and believed by those who are so childish and immature, they need to hold the blanket of irrationality, pray to a sky daddy, who has no evidence, all to make themselves feel like they matter.

If I were the courts, I would said the answer is to grow up, stop acting like children, which is who religion is for, now lets grow up, you can start by taking the diaper off your head.

Comment Why the delay? (Score 1) 36

I love when the technology goes does, you see how little people actually know or care about there job. I'd be very surprised if any of the airport employees were working at even 20% of an acceptable speed. The technology is only an aid, not a replacement, you have to be ready to jump when it fails and kick into full blown action.

Comment Re:They all suck (Score 1) 325

In one company we had Preforce storing about 20 TB's of information. In a course of three months we had about 100 MB of that data get corrupted to the point the entire repo locked up. We then tried to delete the data but thanks to the corruption, which was caused by Preforce, we couldn't. We ended up on a call with Preforce and it took them weeks to figure out how to solve this problem.

About a year later I started at Blackberry, who were using Preforce. I updated development code into the main repo and BANG! Preforce corrupted the data, except that it didn't know it did, then Maven took the code and moved it out to development test beds which all crashed, costing Blackberry a couple MILLION DOLLARS!!!!

Unrelated to that, I then took another job at an engineering company. They didn't use any SCM or Version Control System, so I grabbed Preforce to see if they fixed the massive issues. I uploaded a copy of the code to the repo and guess what! BANG corrupted.

Preforce is NOT a safe environment, I've seen it corrupt data, cause damage, cause a loss of money, corrupt repo's, crash and just screw up servers. If it were a one off issue, that would be fine, but I've had many, many big issues with it.

Comment Of course (Score 2) 479

Don't blame the managers, directors, marketers, or anyone else. Blame the people who have the least control over what they do, software development has become an industry of everyone else telling us how and what to do and we just get stuck with the work.

Which is why I tell all my bosses that I control the code and that's all there is to it.

Comment Simple, Ignore them (Score 1) 152

I can't count the number of times I've been handed deadlines or requirements by managers / directors who have absolutely no clue about software development. The first thing you always do is to read the requirements, this in 99.999% of all cases cause them to be thrown back across the table because they're lacking anything actual requirements, the second thing you do is to throw out the deadline and set your own.

My rule is that the software will take how ever long it will take and that's it. It's the same way in the IT world, when I do IT consulting, I don't set deadlines and I don't set budgets, the project will take however long it takes at how much I charge, which I factor in at the end.

Non technical managers have to understand that it's the developers and administrators who set the deadline and not the other way around, I'm not going to work in a compressed time frame with bad requirements because some guy in a suit decided to sell my project one month early.

Slashdot Top Deals

Backed up the system lately?